An engineer wrote code that parsed out all of the data and a team integrated all of the code into their program even though they only planned to use some of the data.

Total BS. How anyone can believe that is hard to understand. This software was patented by Google. Do you think they never intended to use it? Considering that they keep all of your info for their own use, why should we believe this story from them? And if it was a mistake, why did they fight so hard to retain it?

The fact is that these companies consider these paltry fines as a cost of doing business. Fines have to be great enough to discourage that from happening. It should be at least enough to cover any possible profits made from the product's use, plus some. That's the only way to stop this. The fine for this should have been at least in the tens of millions.

If you're that cynical you've never dicked around with a software idea in a small group. That's what Google does. That's why most of their products are perpetual betas that get cancelled once they're determined to be unprofitable. It's also why they manage to come up with interesting ideas. And the reason why we should believe them is that they don't normally lie about the fact that they hate privacy. They openly want all the data. We know that. They work with investigators when they go too far. That is far more than can be said for the governments fining them.

If you want your data to be safe, encrypt it. If governments want their citizens' data to be secure (which they don't), they could ban access points that allow open networks without reflashing the firmware. Now even the most horrible person who wants to steal your identity, drain your bank account, and get you sued for downloaded mountains of porn is kept away (without so much effort as to make them easily detectable and give enough evidence to guarantee the harshest convictions in a criminal court), and an honest mistake won't mean anything.

That's not to say they don't deserve to be punished, but this is far from the worst thing that could happen. To say they deserve more is like saying that a speeding ticket is insufficient because the person driving too fast could have committed vehicular homicide. They didn't, but it might have been inevitable if they had gone on any further down the road.

“We never wanted this data and didn’t use it or even look at it" - Google

Money-saving tip. Forget paying for IQ tests - if you believe this, you have just discovered that you are a blithering, servile halfwit. Guaranteed.

And we've just discovered that you've never worked on anything complex enough to have a bug. Or, worse yet, you refuse to admit that you've ever made a mistake and are going to escape a similar situation by luck alone. Or, perhaps the worst of all, you're the sort of person who would milk that data for an early retirement if only you could get your hands on it.

The only real problem with that is that it's immensely difficult (nigh impossible) to determine those profits. And corporations tend to be experts at hiding profits where possible.But yes, blanket legislation saying "2% always for everything!" is of course silly.But, that's why it's worded as a maximum. Very rarely do courts award the maximum fine. Heck, even in this case, where the total cash amount was relatively small, they didn't even go for the maximum fine.

I still think that it's better than having a maximum that is tied to a percentage of company revenues, instead of the actual marginal profits. There are two scenarios I'm thinking of that have huge flaws:

Abuse of regulatory power. If there is a simple maximum like this, it is easy to give a much bigger fine than is warranted. Courts do a very reasonable job most of the time, but let's not pretend that the system couldn't use some fixing. Tighter legal constraints can improve the system.

Insufficient fines. Arbitrarily limiting yourself to 2% of a company's revenue can also be a bad idea. There are companies with more limited scope than Google which can also violate privacy. If they can increase their revenue by 10% by performing some unethical practice and only have to give up a fraction of that when they get caught, where's the deterrent?

Heh. Abuse of regulatory power can happen in any system, and does, on rare occasion. Unfortunately, I don't think there's any real solution to this, so long as humans are involved in defining, punishing, and committing crimes. That's why we do have maximums, and why the maximums are supposedly carefully chosen so as to not be so egregiously overblown as to be excessive. Clearly, various legal systems have failed in doing that, though, as in the case of file sharing in the United States. If you were to solve this problem, you'd be my personal hero (and probably also many other people's).

As for insufficient fines, it's still a subset of the same problem as the above issue - attempting to apply a deterministic, narrowly-defined law to the actions of an entity, which can vary wildly in severity, intent, etc.The way it works in the United States is that there's a range for fines. There's generally a recommended penalty, and then a maximum and a minimum. The minimum assures that nobody goes unpunished if found guilty, and the maximum is supposed to ensure that the punishment isn't too severe. In general, this works really really well, when the maximums and minimums are defined appropriately.I think the real problem is that we apply the law equally to a corporation and an individual. Then, when a maximum was designed with a corporation in mind, it's excessive to an individual, and when the maximum was designed with an individual in mind, it's ludicrously small for a corporation.

So no matter what you do - percentages or fixed fine schedules, you still end up with that problem. Using percentages just mitigates it (but, again, the trick is determining appropriate percentages and the figure to base that percentage off of).

Meh, the crime does not seem that bad. They complied with the investigation, they admitted the mistake, they didn't try to cover anything up, AND they were the ones who reported the offense to the Germans in the first place.

Now everyone wants Google to hang out to dry?

You are aware that they gave false information to the Germans when asked what they were doing and what types of data they were collecting? And then in public statements? And that the truth finally came out during an outside audit of their code and development practices?

This is hardly a witch hunt: giving them a very generous benefit of the doubt they were extremely careless with collection and retention of personal information including usernames and passwords, got questioned about it by a major government, provided false information in response to that question, and then got caught. What more do you want to demonstrate guilt regarding privacy violations?

You have links to substantiate these claims? They did not collect usernames or passwords, which makes me very suspicious that you know what you're talking about.

If I'm reading this article correctly, they wanted to collect information on SSIDs that were being broadcast, which no one has a problem with. When the team working on it sat down to write the code, they realized that they already had code that did something similar, so they decided to just incorporate that into their system. However, that code went further than what they actually needed and collected... something else (even after searching, I can't figure out what else was collected.) When Google finds out that they were collecting extra data, they both report it and hire an outside firm to figure out how it happened.

If the story above is correct (it is Google's story and I don't know what evidence there is against it,) I don't know why people would think that Google should be punished more.

I also don't think people understand that Google has already paid well over the amount of the fine in lawyers, audits and wages because of this problem. Like nearly every other penalty for a major corporation, the fine itself is the smallest portion of the problem.

They did not collect usernames or passwords, which makes me very suspicious that you know what you're talking about.

Can this assertion also be made definitively? Does Google know the contents of everything they recorded, in order to make that statement? If so, my desire to see them pay a large fine just shot through the roof, because that means they analyzed data they claim they didn't even want in the first place.

They did not collect usernames or passwords, which makes me very suspicious that you know what you're talking about.

Can this assertion also be made definitively? Does Google know the contents of everything they recorded, in order to make that statement? If so, my desire to see them pay a large fine just shot through the roof, because that means they analyzed data they claim they didn't even want in the first place.

According to this article, I was wrong. But I am still uncertain how they could collect that information from an open wifi network in some useful state. Any good website will encrypt at least the PW so even if the wifi network is open the PW will be hashed and completely unusable.

No. It's not. Because a machine has to be involved. And you have to INTEND to hear it. The issue isn't receiving it, in the first place - it's RECORDING it. Recording is DEFINITELY done with intent and is in no way incidental. How is this distinction being missed?

So if I walk around with a tape recorder? Or just have one recording, with the intent of just recording anything?

Quote:

An unlocked door is in no way secure beyond the knowledge, in your mind, that you are not supposed to enter it. An unsecured wifi network is EXACTLY the same.

Nonsense! To trespass on an unlocked house requires me entering a place I don't have the right to be. To pick up an insecure transmission, I need go nowhere and do nothing but put up an antenna! Nothing on the airwaves can be secret if it is broadcast in the clear, such an expectation is unreasonable in the extreme.

Quote:

Uh...That didn't even make sense.

My point is that I could set up something to just record electromagnetic frequencies without concern and somehow I'd be just as guilty. SDR simply makes sense because it doesn't care about what is being transmitted.

For example, whether or not your wireless phone connection is encrypted (or "adequately" encrypted, or whatever) snooping other people's conversations is not legal.

Really? I know that reactionary laws were made that forced receivers to implement hardware protections on old analog cellular bands after Newt got snooped (instead of forcing carriers and device makers to encrypt communications,) but I don't recall that being the case for anything else. Particularly not the unlicensed bands like 2.4 and 5 GHz.

I don't think there's any reasonable expectation of privacy on those bands. Thus the need to encrypt.

Quote:

It might be legal to shove an obvious microphone near someone and try to get some comments as an open part of an interview or to pull a Michael Moore and just openly follow someone around, but it's not necessarily legal to sit in a van with a parabolic microphone and record someone's conversation just because they happen to be in a public park.

Then logically it's illegal to have a microphone recording anywhere someone is unaware of it. Yet I don't see people getting prosecuted for that.

According to this article, I was wrong. But I am still uncertain how they could collect that information from an open wifi network in some useful state. Any good website will encrypt at least the PW so even if the wifi network is open the PW will be hashed and completely unusable.

Thanks for the link.But in any case, it's not really user names and passwords, necessarily, that I really care about because, as you pointed out, HTTPS and other such mechanisms should be taking care of that in the first place. It's the IM, email, and local network traffic that potentially got recorded that could be less than ideal to be in someone else's hands.

Meh, the crime does not seem that bad. They complied with the investigation, they admitted the mistake, they didn't try to cover anything up, AND they were the ones who reported the offense to the Germans in the first place.

Now everyone wants Google to hang out to dry?

You are aware that they gave false information to the Germans when asked what they were doing and what types of data they were collecting? And then in public statements? And that the truth finally came out during an outside audit of their code and development practices?

This is hardly a witch hunt: giving them a very generous benefit of the doubt they were extremely careless with collection and retention of personal information including usernames and passwords, got questioned about it by a major government, provided false information in response to that question, and then got caught. What more do you want to demonstrate guilt regarding privacy violations?

You have links to substantiate these claims? They did not collect usernames or passwords, which makes me very suspicious that you know what you're talking about.

Wait, seriously? Something that's been public record for years with multiple articles on this very website and you're demanding sources?

If you want a link, here's one containing "The unredacted FCC report refers to a Google “design document” written by an engineer who crafted the Street View software to collect so-called payload data, which includes telephone numbers, URLs, passwords, e-mail, text messages, medical records, video and audio files sent over open Wi-Fi networks."http://www.wired.com/threatlevel/2012/0 ... stigation/

All there needs to be is one instance where there was something private being transmitted while the Googlemobile drove by, such as someone's email, IM conversation, a personal document, etc. Any person with access to the recorded data (whether attained lawfully or unlawfully) would have the ability to access that information.

But you just said it. Something was being transmitted free-and-clear to anyone in proximity.

If someone is playing music really loud, am I supposed to put on earplugs to make sure I'm not violating copyright and turning it into a public performance?

For example, whether or not your wireless phone connection is encrypted (or "adequately" encrypted, or whatever) snooping other people's conversations is not legal.

Really? I know that reactionary laws were made that forced receivers to implement hardware protections on old analog cellular bands after Newt got snooped (instead of forcing carriers and device makers to encrypt communications,) but I don't recall that being the case for anything else. Particularly not the unlicensed bands like 2.4 and 5 GHz.

I don't think there's any reasonable expectation of privacy on those bands. Thus the need to encrypt.

It may not be wise to transmit highly valuable information in the clear. That doesn't make it legal to snoop private* transmissions not intended for you.

I'm not talking about recent laws and you seem to have what I'm talking about backwards because you mention laws requiring implementation of encryption.

Laws which make it illegal to snoop are quite different from laws requiring manufacturers of radio hardware or telcos to implement encryption. It's the former that I was talking about and they go back many decades.

A huge multinational corportation which rolls out a widespread RF listening program should be held to pretty high expectations of knowing and complying with the law.

Quote:

Quote:

It might be legal to shove an obvious microphone near someone and try to get some comments as an open part of an interview or to pull a Michael Moore and just openly follow someone around, but it's not necessarily legal to sit in a van with a parabolic microphone and record someone's conversation just because they happen to be in a public park.

Then logically it's illegal to have a microphone recording anywhere someone is unaware of it. Yet I don't see people getting prosecuted for that.

Yes, it often is. Look harder. I just gave you the search keywords. one party state, two party state- you can find all kinds of examples from businesses to police.

*no, you don't get to use your own definition of "private"- check the FCC's and the laws

And the data collected is totally useless because it is only random data

That's wrong. They fought in Germany to retain that data, and it's not random. It sucks down a lot of info from an unprotected network, including passwords, real names and addresses, and lots more.

Actually, no, it was a little worse. They got caught breaking the law and told the German government that they were going to shred the data. That action would, of course, amount to destroying the evidence of their misconduct. The German government was not impressed.

If it's illegal to record wifi radio in Germany, is it also illegal to record FM radio or broadcast TV? It would be just as ridiculous.

It's not all that ridiculous. Cordless phones were really easy to spy on, but if somebody were doing it and I found out I'd think they were a creep even if it were technically feasible. It's also not unprecedented; for example, in the UK it's illegal to even view television without a license, let alone record it. It's also generally illegal to record cell phone calls and has been for quite some time, even though analog systems and GSM are useless for security at this point.

You obviously don't understand the technologies involved to the extent necessary to be having this conversation on the level you're trying to. Please do not throw around terms just to sound like you're making an impressive point.Software-defined radio has nothing AT ALL to do with anything we're discussing, and is simply another type of transceiver. The construction of your radio has nothing to do with the issue at hand.

You're also still missing the distinction between receiving and recording, which is inexcusable at this point in the conversation.

Furthermore, 802.11 and all of the supporting concepts it is made of is a tremendously complex technology. Asserting that recording communications using it is a completely innocent act is ludicrous.

You even lack consistency in your handling of the unlocked door analogy. You obviously know you're not supposed to be there. Yet you can't seem to grasp that you're not supposed to be on someone else's network.

Again, all this seems to stem from your misunderstanding of the distinction between reception, decoding, and recording.Reception of broadcast radio signals is not and never has been illegal anywhere (otherwise the mere fact of your existence would be illegal, since you're an antenna of sorts).Decoding some things can sometimes be illegal, depending on what it is you're decoding and on whether you have permission to do so.Recording is nearly always illegal, without consent, in most jurisdictions, even if the thing you're recording is itself a crime.

Note that the distinction between reception and recording is primarily one of permanence and reproducibility, with regard to communication. Reception is a momentary state and can't be repeated. Recording is at least semi-permanent and can be recreated at an arbitrary later time.

What Google did was recording, which necessarily implies both of the other two, but it's only the act of recording that is the issue. Nobody here has tried to argue that reception should be illegal. That's just absurd for the reason I mentioned above.

microlith is actually valid in his point. Let's examine a comparable example - first operating under the premise that your wifi can be transmitted into public space (as was the case with Google, which we are ultimately referring to), therefor we can immediately throw out the whole house-with-unlocked-door scenario (which is, in fact, a breach of unauthorized entry on private property).

(1) You're sitting in your backyard on the phone with a buddy. Your yard is immediately adjacent to a public park. I am sitting on a bench in that park within hearing range of your phone call. You are talking to your wife and say something along the lines of "Hey, Alice, go sign onto our Citi-Bank account from the web and check something out for me - the password is 'B-A-D-P-A-S-S-W-O-R-D' ... [conversation continues]...". Now I have that information in my head. Actually, I write it down. I am amused at how bad this guy's bank account password is so I post this story on some forum "...yeah, and this [un-named] guy said his bank account password was 'B-A-D-P-A-S-S-W-O-R-D' ...". Are you suggesting that I have no broken some laws? After all I have sat in a public place, overheard a conversation that was intended to be private, and now made record of that information. I am not directly identifying the individual (so there is a degree of anonymity to it) nor have I gone and used this information for malicious intent such as unauthorized access/entry. I have not directly provided the necessary information to others so that they could then use it for malicious intent.

(2) I have a dashboard camera in my car and I am driving down a public street. A woman is walking around naked inside her house but chooses not to draw the blinds/curtains closed, therefor my camera happens to catch her naked. I now have a recorded copy that I am sure the woman wouldn't have wanted me to have. My intentions were to capture video for some artistic project or perhaps to help me in the event of an accident claim later so I would have the events recorded for insurance purposes (really it makes no difference). I was not sitting outside the house with the camera fixated on the windows for a long period of time with intent to directly capture some risque photos, but I happened to catch these images accidentally. If I am not posting these images for public consumption (but still maintain the copy of that day's footage) have I now conducted some illegal activity?

I realize these are somewhat strange examples, but they're simply examples to illustrate what is going on. These people had the opportunity to secure their privacy (ie go inside the house for the conversation or draw the blinds to prevent public viewing) but they opted not to. This is analogous to people having the potential to secure their wifi networks before broadcasting private data into public space, but failing to do so.

And the data collected is totally useless because it is only random data

That's wrong. They fought in Germany to retain that data, and it's not random. It sucks down a lot of info from an unprotected network, including passwords, real names and addresses, and lots more.

Actually, no, it was a little worse. They got caught breaking the law and told the German government that they were going to shred the data. That action would, of course, amount to destroying the evidence of their misconduct. The German government was not impressed.

I'm not talking about recent laws and you seem to have what I'm talking about backwards because you mention laws requiring implementation of encryption.

No, I mentioned that no laws were ever put in place. Instead stupid workarounds were mandated in radio receivers so that even if it was broadcast in the clear, you couldn't actually tune to the frequencies.

Quote:

Yes, it often is. Look harder. I just gave you the search keywords. one party state, two party state- you can find all kinds of examples from businesses to police.

Unless I'm mistaken, "one party" and "two party" rules are almost exclusively related to recording telephone communications. And certainly never in a public space where no guarantees of privacy are expected - expecting unencrypted RF communications on unlicensed bands using common encoding protocols to be secret is utter madness.

You obviously don't understand the technologies involved to the extent necessary to be having this conversation on the level you're trying to.

Ah, so we're going to resort to ad-hominem.

Quote:

Software-defined radio has nothing AT ALL to do with anything we're discussing, and is simply another type of transceiver. The construction of your radio has nothing to do with the issue at hand.

I figured it would make more sense than saying a "reel to reel tape recording everything received" since I've never seen nor used a reel to reel. I have used an SDR to record signals off the air, however. Obviously I'm being nefarious.

Quote:

You're also still missing the distinction between receiving and recording, which is inexcusable at this point in the conversation.

It should be irrelevant. I don't need to record the data to harvest information.

Quote:

Furthermore, 802.11 and all of the supporting concepts it is made of is a tremendously complex technology. Asserting that recording communications using it is a completely innocent act is ludicrous.

Asserting that it is somehow a subversive or even criminal act is even moreso. Particularly how trivial it is, given the use of unlicensed bands and protocols used the world over.

Quote:

You even lack consistency in your handling of the unlocked door analogy. You obviously know you're not supposed to be there. Yet you can't seem to grasp that you're not supposed to be on someone else's network.

Err, no. Just no. You don't have to hop on their network, get an IP address, and snoop around to do what Google did. I could do it with the SDR I noted above, and no one would ever know.

You are aware that they gave false information to the Germans when asked what they were doing and what types of data they were collecting?

Source?

Well, if you'd actually read the thread you're insulting me in you could start here in which it's revealed (internal company docs) that the Google engineers designed and reviewed the code to do exactly what it did and that they knew this was legally and ethically questionable:viewtopic.php?p=24341659#p24341659

If you're only interested in the two direct comments about the Germans, it's in here and the other sources I cite: the German government made a direct inquiry about what Google was doing as a result of privacy concerns. Google supplied false information (and internal docs make it clear that they at least should have known that it was false). What they were doing then became public. The Germans asked for the evidence. Google initially declined, preferring to destroy it (which then resulted in a dispute).

Google insisted that it did not collect any kind of IP or packet data in the course of its WiFi collections.

That turned out to be mostly untrue. The company announced last week that it discovered a "mistake" in the code being used to collect info and that it was, in fact, collecting some information on who was visiting what websites on which WiFi networks. Google said that the data was never used in any capacity and that it had no plans to keep the unwanted data around. The company said it was looking to destroy the data immediately with the help of an independent review (an update to Google's blog post from Friday indicates that data collected in Ireland has already been deleted). The company also said that it would stop collecting any information about WiFi networks in light of this discovery.

Actually, no, it was a little worse. They got caught breaking the law and told the German government that they were going to shred the data. That action would, of course, amount to destroying the evidence of their misconduct. The German government was not impressed.

Any source or it is just another wrong claim?

Ah, dismissive and insulting combined with incorrect: how wonderful.

For this particular comment, how reading to the end of the article I just cited which closes with "Update: German authorities have demanded that Google hand over the hard drives it used to store the data so that they can see exactly what's on them, according to the New York Times. Google has offered to destroy the data but not hand it over (yet, anyway), and Germany is not happy with that solution."and links to a respected primary source which makes it clear that Google initially declined the request to hand over the evidence,http://www.nytimes.com/2010/05/19/techn ... .html?_r=0(Yeah, there are more resources with details on this if you genuinely care)

I'm not talking about recent laws and you seem to have what I'm talking about backwards because you mention laws requiring implementation of encryption.

No, I mentioned that no laws were ever put in place. Instead stupid workarounds were mandated in radio receivers so that even if it was broadcast in the clear, you couldn't actually tune to the frequencies.

Yeah, you've still got it backwards.

I said that it was illegal to eavesdrop whether or not a transmission is encrypted and without particular regard to whether the radio waves cross somewhere public or not. Those laws have been around for decades or more (think back to wireless phones, CB's, VHF, HAM, etc.).

It's like the difference between laws against breaking and entering and the existence or lack of laws requiring front doors to be locked: it might be WISE to lock your front door but it being unlocked does not mean that it's fine to steal everything inside. Likewise, the existence or lack of existence of a law in the town requiring properly locked front doors does not give Google license to legally walk into every house in town (or even to take detailed pictures through the front window).

Quote:

Unless I'm mistaken, "one party" and "two party" rules are almost exclusively related to recording telephone communications. And certainly never in a public space where no guarantees of privacy are expected - expecting unencrypted RF communications on unlicensed bands using common encoding protocols to be secret is utter madness.

A few starter pointers for the relevant laws. They're certiainly cited most often in conjunction with telephones, but that's not the only context that they apply to.

And, to that particular comment, yes - some condescension was intended, because you were apparently either ignorant of or willingly ignoring the distinction between those terms, which are CRITICAL to this discussion, whether you like it or not. And this post was no exception. You're still conflating them (as well as ignoring the fact that some of the things you seem to think are legal are, in fact, already illegal, and for good reason).

I figured it would make more sense than saying a "reel to reel tape recording everything received" since I've never seen nor used a reel to reel. I have used an SDR to record signals off the air, however. Obviously I'm being nefarious.

Again, the construction of your radio has nothing to do with the discussion at all. I can record radio signals with anything capable of receiving and amplifying said signals and transcribing analog wave forms into a permanent medium. The way you're talking about SDR doesn't instill confidence that you understand that RECEPTION has NOTHING to do with RECORDING.And, if you were recording radio signals, depending on where you are and what you were recording, it may very well be illegal. Not wanting it to be so doesn't make it not so.

You're also still missing the distinction between receiving and recording, which is inexcusable at this point in the conversation.

It should be irrelevant. I don't need to record the data to harvest information.

At some point, it is irrelevant, but not at the point you're trying to make it.You're trying to say that receiving a radio signal is the same as recording it, for these purposes.That's very false. All it takes to receive a radio signal is existing in the broadcast range of the transmitter.What IS illegal is then decoding that signal and inspecting the contents of the data inside. If you are sitting there, monitoring it but not physically recording it, it's still illegal to do. If you glean passwords or whatever from that data, that's on you. YOU are INTENTIONALLY watching, at that point. You're not an innocent bystander who had a WiFi signal thrust upon you, decoded for you, and the contents force-fed to your eyes. Now, if you do nothing with it, no harm, no foul (in my opinion, anyway - the law sees it differently). If you then act on that data or do as google did and record it, you've definitely crossed the line.What legitimate purpose can you recording that information have? Beacon frames - sure. There's nothing revealing in there other than the fact that the network does, in fact, exist, rather than just background noise in that spectrum. But everything else is none of your damn business.

Asserting that it is somehow a subversive or even criminal act is even moreso. Particularly how trivial it is, given the use of unlicensed bands and protocols used the world over.

See above comment. What legitimate purpose do you have to permanently store that information? And you're wrong, anyway. It's not trivial at all to "accidentally" record information from a wifi network. In fact, it's not all that trivial to intentionally do it, either. You have to intentionally listen to the specific frequencies involved, run software (or hardware) capable of recording that data, and..well..record it. The only "accidental" things that are really legitimate with WiFi are devices that decide to associate to the nearest open network - VERY easy to do accidentally, but still doesn't record ANYTHING.And if you think saying "SDR!!!!" makes an acceptable answer to that, that's also wrong, because look at the intentional effort that was required to do that in the first place. And, again, what is the purpose? If your purpose is so legitimate and benevolent, let us know what it is you're doing, how, and why. Saying "SDR" isn't a point. Make one, please. You know what else is easy to do with a SDR? Faking an emergency signal. But that doesn't make it ok. Please tell me what your point about SDR is.And also, pray tell how your SDR is recording or decoding the signal, anyway. If it's speaking WiFi, then the fact that it's an SDR is completely irrelevant. Not that it was relevant in the first place, but it drives another nail in the coffin of your argument if it is, because their function is identical. You don't need an SDR to sniff WiFi without associating to the network.I'll say it again: the construction of the radio is irrelevant in every way, shape, and form to this discussion.

Err, no. Just no. You don't have to hop on their network, get an IP address, and snoop around to do what Google did. I could do it with the SDR I noted above, and no one would ever know.

I never once mentioned association, which happens long before IP allocation is possible. Sniffing it is what we've been talking about this whole time. I'm sticking to the subject.If you're going to nit-pick the analogies, use the one someone else provided of having a camera and catching someone naked in their house.But I've got my own nitpick for that one - that is directly observable by a human. Radio waves are not. Hence my point about some effort being necessary, and why intent must be there, and so claiming innocence is laughable.

Awesome that you snipped out the part where I explained why I put those links there in your attempt to discredit me for being an asshole, while simultaneously posting about how the difference in these terms is somehow irrelevant, when the facts and the law are both against you.

And, to that particular comment, yes - some condescension was intended, because you were apparently either ignorant of or willingly ignoring the distinction between those terms, which are CRITICAL to this discussion, whether you like it or not.

You may think they have importance, but I haven't seen it made yet. If Google wanted to extract information from the packets there was no need to record the data. And that they recorded the data is not evidence of wrongdoing.

Quote:

And, if you were recording radio signals, depending on where you are and what you were recording, it may very well be illegal. Not wanting it to be so doesn't make it not so.

So just to be safe, we should never record radio signals. Because it might be illegal somehow, somewhere. Ok.

Quote:

You're trying to say that receiving a radio signal is the same as recording it, for these purposes.That's very false. All it takes to receive a radio signal is existing in the broadcast range of the transmitter.What IS illegal is then decoding that signal and inspecting the contents of the data inside.

And there's no proof, none, that Google did this.

Quote:

But everything else is none of your damn business.

Then encrypt it. Or don't go crying when someone listens in on your public conversation because that's what unencrypted wifi is.

Quote:

It's not trivial at all to "accidentally" record information from a wifi network. In fact, it's not all that trivial to intentionally do it, either. You have to intentionally listen to the specific frequencies involved, run software (or hardware) capable of recording that data, and..well..record it.

Wireshark. Point it at your wifi adapter and hit "start."

Quote:

And if you think saying "SDR!!!!" makes an acceptable answer to that, that's also wrong, because look at the intentional effort that was required to do that in the first place.

I should never have mentioned it because you seem to have latched on to it and lost your mind.

But I like your paranoia, and assumption of guilt. Nefarious, nefarious people everywhere.

Ah yes, the repeated attempts of the police to abuse wiretapping laws to stop people from recording public events.

I'm not arguing the merits of that particular use of the law (in fact I agree with your characterization as "abuse"- possible exception of Illinois where that may be the actual intent of the law and in that case I'd say that the law itself is a really bad one).

I hope you'll recognize that these cites are, however, valid for demonstrating that laws about recording conversations (and audio in general) apply well beyond the context of telephone conversations.

It's also worth noting that you apparently ignored the general cites on the law- so if you don't want the law cites and you don't want examples I'm not sure what would convince you.

You may think they have importance, but I haven't seen it made yet. If Google wanted to extract information from the packets there was no need to record the data. And that they recorded the data is not evidence of wrongdoing.

This case depends on the distinction between them. Fact.I have also stated the relevance a couple times. Plus, there is too evidence the data was recorded, which is, in itself, the crime.Also, the fact that recording the packets themselves wasn't necessary doesn't make the fact that they did suddenly go away. And, if they had recorded PARTS of the information, that's still recording the information, so you're trampling your own point here.

So just to be safe, we should never record radio signals. Because it might be illegal somehow, somewhere. Ok.

Um. No. Nobody said that. But, just to be clear, no - you shouldn't intentionally record signals that you are not explicitly authorized to do so with. Tell me one good reason why you would, anyway. The law says you shouldn't. If you do it and don't do anything bad with it and nobody finds out, then, like anything else, you'll be fine.You HAVE to distinguish between recording and receiving for this point to not be absurd anyway. It blows my mind that you're trying to argue the difference is irrelevant.

You're trying to say that receiving a radio signal is the same as recording it, for these purposes.That's very false. All it takes to receive a radio signal is existing in the broadcast range of the transmitter.What IS illegal is then decoding that signal and inspecting the contents of the data inside.

And there's no proof, none, that Google did this.

Well, that just made it obvious you didn't read anything in any of the links that have been provided by others in this thread.You're straight-up wrong on this one.Google's own design document on it stated the intent to look at the payload data.Here's the Wired article that was previously linked by puffinus with some good excerpts, again: http://www.wired.com/threatlevel/2012/0 ... stigation/

Then encrypt it. Or don't go crying when someone listens in on your public conversation because that's what unencrypted wifi is.

That's not how it works at all. And again I'll point out the locked door analogy. Make it a car door in a public parking lot, if you want the whole public space thing to apply. Or your luggage, on an airplane. How can you POSSIBLY make the point that it's ok to intentionally snoop simply because someone didn't go through effort to obfuscate?

It's not trivial at all to "accidentally" record information from a wifi network. In fact, it's not all that trivial to intentionally do it, either. You have to intentionally listen to the specific frequencies involved, run software (or hardware) capable of recording that data, and..well..record it.

Wireshark. Point it at your wifi adapter and hit "start."

I knew it. You're not talking about recording signals. You're talking about recording, specifically, 802.11 frames. And that further proves that you had no point when you pointed out SDR.And no, just because wireshark is easy to use by one who can read a readme does not make this trivial and in no way does it make it in any way accidental. In fact, it does quite the opposite. You had intent to snoop. You didn't just happen upon it. Why are you claiming otherwise? "Oh, your honor, those binoculars pointed at my neighbor's house? I only accidentally spy on her. I'm just looking in that direction and the reflected light off of her body just happens to hit my eyes." Yeah. Try that one in court and let me know how it goes.

And if you think saying "SDR!!!!" makes an acceptable answer to that, that's also wrong, because look at the intentional effort that was required to do that in the first place.

I should never have mentioned it because you seem to have latched on to it and lost your mind.

But I like your paranoia, and assumption of guilt. Nefarious, nefarious people everywhere.

Nice try at discrediting me again.You brought it up. You pushed it multiple times as a central piece of your argument. And now you're trying to back out of it and make me look bad for calling you on it.You haven't answered any questions posed, yet, haven't read the links/citations provided to you, and have instead responded to both puffinus and myself with additional rhetorical questions and by dodging the clear questions we've both asked by making additional false statements or by simply re-asserting your opinion on the matters of opinion (which is fine, but at least do us the courtesy of supporting your opinion).

But, as puffinus has also pointed out, you clearly don't want to participate fairly in this discussion by educating yourself on the details of this case or by allowing us to spoonfeed it to you, either, so this isn't going to get anywhere.

Question: What exact law(s) did Google break (legal link would be great), and do those laws exist in the US as well?

I read the press release that states "illegal recording of WiFi networks." However, there must be some further technical qualifications attached to the law(s), preferably listed in bullets. I assume recording means in nonvolatile memory, because otherwise, every WiFi device out there performs "recording of WiFi networks." Are there qualifications regarding depth (if you consider an OSI model)? ISM spectrum restrictions? protocol? coding/modulation scheme? duration/length? Decryption seems to me the only obvious no-no.

I ask because there is enormous value on the technical side for performing real world collection and analysis of wireless communication networks.

Meh, the crime does not seem that bad. They complied with the investigation, they admitted the mistake, they didn't try to cover anything up, AND they were the ones who reported the offense to the Germans in the first place.

Now everyone wants Google to hang out to dry?

You are aware that they gave false information to the Germans when asked what they were doing and what types of data they were collecting? And then in public statements? And that the truth finally came out during an outside audit of their code and development practices?

This is hardly a witch hunt: giving them a very generous benefit of the doubt they were extremely careless with collection and retention of personal information including usernames and passwords, got questioned about it by a major government, provided false information in response to that question, and then got caught. What more do you want to demonstrate guilt regarding privacy violations?

You have links to substantiate these claims? They did not collect usernames or passwords, which makes me very suspicious that you know what you're talking about.

Oddly enough, Google is the one who said they captured such information. They posted it on their blog when this first happened. It was Germany who wanted to get that info so they could examine it.

But, as puffinus has also pointed out, you clearly don't want to participate fairly in this discussion by educating yourself on the details of this case or by allowing us to spoonfeed it to you, either, so this isn't going to get anywhere.

Actually, it was Oletros I said that to after he made a string of zero content hostile posts demanding proof of things he could have found with a few seconds effort (even just on this site) and implying that I probably didn't know what I was talking about and am repeatedly making unsubstantiated and false claims. I don't recall conversing with him before so I don't know if it's a normal habit of his.

microlith hasn't gone that far with me at least though I do note his back-and-forth with you.

goodstuff wrote:

Question: What exact law(s) did Google break (legal link would be great), and do those laws exist in the US as well?

Have you read the links so far? The specific laws vary by jurisdiction, but the short version is that you shouldn't snoop on transmissions which aren't intended for your consumption.

Layman comment: Certain standards like WiFi have parts which _are_ intended to be received (such as announcing availability of a network). This seems to me to be a relaxation in the sense of allowing the presumption that you're allowed to read/check that part of the signal for the intended purpose (to log into an open Wifi or a closed one you have rights to) much as certain radio bands are set aside for public broadcasts (music/tv/etc.).

Noone's going to arrest you for clicking "find Wifi points" on your PDA at the mall. Police interactions have occured for things like parking in front of a vacant business or an occupied house, connecting to and using open WiFi, and continuing to do that when questioned and asked to stop.

Intentionally watching and decoding the data packets (say, the apps that let you snoop passwords or emails or facebook data as people log in and use services in a a coffee shop) goes a big step further and is illegal in lots of places.

Sure, the data you could collect is valuable but that isn't a defense.

Question: What exact law(s) did Google break (legal link would be great), and do those laws exist in the US as well?

Have you read the links so far? The specific laws vary by jurisdiction, but the short version is that you shouldn't snoop on transmissions which aren't intended for your consumption.

Layman comment: Certain standards like WiFi have parts which _are_ intended to be received (such as announcing availability of a network). This seems to me to be a relaxation in the sense of allowing the presumption that you're allowed to read/check that part of the signal for the intended purpose (to log into an open Wifi or a closed one you have rights to) much as certain radio bands are set aside for public broadcasts (music/tv/etc.).

Noone's going to arrest you for clicking "find Wifi points" on your PDA at the mall. Police interactions have occured for things like parking in front of a vacant business or an occupied house, connecting to and using open WiFi, and continuing to do that when questioned and asked to stop.

Intentionally watching and decoding the data packets (say, the apps that let you snoop passwords or emails or facebook data as people log in and use services in a a coffee shop) goes a big step further and is illegal in lots of places.

Sure, the data you could collect is valuable but that isn't a defense.

I have read the links. They all seem to be targeted to the general public, therefore lacking specificity and technical context. I question the validity of your short version, because it doesn't hold for the majority of the laws I know of. A few examples off the top of my head: web crawlers on the internet, GPS, filming and audible reception in public areas (minus the caveat of some restrictions regarding specific targeting)

Edit: The illegal scenarios you mentioned are not of interest to me, and I don't believe Google transgressed any of them either. Correct me if I'm wrong, but I believe they only performed indiscriminate reception and recording, sometimes known as war-driving.

Also, regarding your last statement, I know it isn't a valid defense. That's why I'm interested in learning the full version of what is legal and what isn't.

Have you read the links so far? The specific laws vary by jurisdiction, but the short version is that you shouldn't snoop on transmissions which aren't intended for your consumption.

Layman comment: Certain standards like WiFi have parts which _are_ intended to be received (such as announcing availability of a network). This seems to me to be a relaxation in the sense of allowing the presumption that you're allowed to read/check that part of the signal for the intended purpose (to log into an open Wifi or a closed one you have rights to) much as certain radio bands are set aside for public broadcasts (music/tv/etc.).

I have read the links. They all seem to be targeted to the general public, therefore lacking specificity and technical context. I question the validity of your short version, because it doesn't hold for the majority of the laws I know of. A few examples off the top of my head: web crawlers on the internet, GPS, filming and audible reception in public areas (minus the caveat of some restrictions regarding specific targeting)

In response, I'd say that web or other servers aren't radio transmissions in the normal sense. Also, like WiFi, when computers are plugged into the network there's a defined method for querying a server and it's therefore generally expected that it's ok to ask politely for something from a server so long as you honor a request to go away. That goes so far as visiting: other laws come into play for logging and reproducing (such as whether it's ok to store and display cached copies for others), which are sometimes more about copyright in the same way that receiving a map for free at the Info kiosk at Disneyland is not a license to print your own tour guide and include that map.

GPS is also a defined standard on bandwidth legally allocated for that purpose in much the same way as broadcast television or radio: by definition, you're told what to listen to and how to interpret it. Filming and audible reception is a bit different, as video in public is normally ok but audio often depends on context.

Quote:

Edit: The illegal scenarios you mentioned are not of interest to me, and I don't believe Google transgressed any of them either. Correct me if I'm wrong, but I believe they only performed indiscriminate reception and recording, sometimes known as war-driving.

And that recording of payload is arguably illegal (depending on how and why, various laws including privacy-related ones could apply but I think the FCC has said that what Google did isn't wiretapping in particular). It's not been tested out that thoroughly with regard to all of the various laws which might apply.

Quote:

Also, regarding your last statement, I know it isn't a valid defense. That's why I'm interested in learning the full version of what is legal and what isn't.

I'll see if I have any links handy. This is a huge area; do you have any focus? Radio, Wifi, internet legal queries vs hacking/DOS/etc.?

I'll see if I have any links handy. This is a huge area; do you have any focus? Radio, Wifi, internet legal queries vs hacking/DOS/etc.?

Indiscriminate reception and recording of the PHY layer in the ISM bands and to what extent analysis can be done of the higher layers.

Edit: For a protocol, I believe WiFi would fit the bill.

Edit2: One possible perspective I imagine would be allowing the demodulation/decoding of everything explicitly outlined in the standard. However, any further demodulation/decoding requiring a variable negotiated between the two ends (loosely worded as a "key") would be off limits.

Perhaps they could swing a 2% fine of the net income of Google in Germany, they arent touching their global profits though, out of their reach.

Minor nipick - they implied going after revenue, not net income. As far as I know, any percentage of net income in Germany would be almost worthless, as Google does a pretty good job of moving all profits to tax havens.

As for the article itself, all I can say is that it does look awful disproportionate when Microsoft is paying amounts in hundreds of millions for neglecting to include the browser selection option in their OS, and Google gets 150k for this.

... Just because those consumers are ignorant doesn't make it ok to use their data ...

Uh, yes it does. Ignorant people should be stripped of their rights. They are dragging us all down.

And who defines "ignorant?"

Why do you need an authority to define ignorant?

Quote:

I can guarantee there is some subject field you are ignorant in. Should you lose any of your rights there? Most of us are notably ignorant in the field of law, where the rights themselves are defined. Should we lose all rights?

No you cannot. I may not be an expert in a lot of fields, but I am definitely not ignorant. I can always educate myself on a topic sufficiently quickly, and know how to request the assistance of an expert, should I require one. I forfeit any rights in areas where I am proven to be completely ignorant.